Morphing engines classification by code histogram

Bibliographic Details
Main Authors: Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud
Format: Conference or Workshop Item
Language: English
Published: 2011
Online Access: http://eprints.sunway.edu.my/94/1/ICS2011_03.pdf
http://eprints.sunway.edu.my/94/
Institution: Sunway University
Description
Summary: Morphing engines, or mutation engines, are exploited by metamorphic viruses to change the appearance of the code in every new generation. The purpose of these engines is to escape signature-based scanners, which employ a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques the statistical features of the code binaries still remain relatively unchanged. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we are going to introduce a new idea to classify the obfuscation engines based on the statistical features of their code using histogram comparison.